The Access Session Locking addition to this feature extends the Exclusive Configuration Change Access feature such that
show and
debug commands entered by the user holding the configuration lock always have execution priority;show and
debug commands entered by other users are only allowed to run after the processes initiated by the configuration lock owner have finished.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Information About Locking the Configuration

Exclusive Configuration
Change Access and Access Session Locking

Devices running Cisco
IOS software maintain a running configuration that determines the configuration
state of the device. Changes to the running configuration alter the behavior of
the device. Because Cisco IOS software allows multiple users to change the
running configuration via the device CLI (including the device console and
telnet Secure Shell (SSH)), in some operating environments it would be
beneficial to prevent multiple users from making concurrent changes to the
Cisco IOS running configuration. Temporarily limiting access to the Cisco IOS
running configuration prevents inadvertent conflicts or cases where two users
attempt to configure the same portion of the running configuration.

The Exclusive
Configuration Change Access feature (also called the “Configuration Lock”
feature) allows you to have exclusive change access to the Cisco IOS running
configuration, preventing multiple users from making concurrent configuration
changes.

This feature provides
exclusive change access to the Cisco IOS running configuration from the time
you enter global configuration mode by using the
configureterminal command. This gives the effect of a
“configuration lock,” preventing other users from changing the Cisco IOS
running configuration. The configuration lock is automatically released when
the user exits Cisco IOS configuration mode.

The Exclusive
Configuration Change Access feature is enabled using the
configurationmodeexclusive command in global configuration mode.
Exclusive configuration change access can be set to
auto, so that
the Cisco IOS configuration mode is locked whenever anyone uses the
configureterminal command, or it can be set to
manual, so that
the Cisco IOS configuration mode is locked only when the
configureterminallock command is issued.

The Exclusive
Configuration Change Access feature is complementary with the locking mechanism
for the Configuration Replace and Configuration Rollback feature introduced in
Cisco IOS Release 12.2(25)S and 12.3(7)T.

Access Session
Locking

The Access Session
Locking feature extends the Exclusive Configuration Change Access feature such
that
show and
debug commands
entered by the user holding the configuration lock always have execution
priority. This feature prevents concurrent configuration access and also
provides an option to prevent simultaneous processes, such as a
show command
entered by another user, from executing while other configuration commands are
being executed. When this feature is enabled, the commands entered by the user
with the configuration lock (such as configuration commands) always have
priority over commands entered by other users.

Effective with
Cisco IOS Release 12.2(33)SRE, the Exclusive Configuration Change Access and
Access Session Locking feature is not available in Cisco IOS software. Use the
Parser Concurrency and Locking Improvements feature instead of this feature.
See the “Enabling Parser Concurrency and Locking Improvements” section for more
information.

Configuration Examples for Locking the Configuration

Configuring an Exclusive Lock
in Auto Mode Example

The following
example shows how to enable the exclusive lock in auto mode for single-user
auto configuration mode using the
configurationmodeexclusive command. Once the Cisco IOS
configuration file is locked exclusively, you can verify this configuration by
using the
showconfigurationlockcommand.

RFCs

No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.

--

Technical Assistance

Description

Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

The Exclusive Configuration Change Access feature (also called the “Configuration Lock” feature) allows you to have exclusive change access to the Cisco IOS running configuration, preventing multiple users from making concurrent configuration changes.

The Access Session Locking addition to this feature extends the Exclusive Configuration Change Access feature such that
show and
debug commands entered by the user holding the configuration lock always have execution priority;show and
debug commands entered by other users are allowed to run only after the processes initiated by the configuration lock owner have finished.

The Exclusive Configuration Change Access feature is complementary with the locking mechanism for the Configuration Replace and Configuration Rollback feature (“rollback lock”).

The Configuration Lock feature feature was integrated into Release 12.0S, and the Access Session Locking feature extension was implemented. The
configurationmodeexclusivecommand was extended to include the following keyword options:
config_wait,
expire,
interleave,
lock-show,
retry_wait, and
terminate. The output of the
showconfigurationlockcommand was improved.

The extended feature was integrated into Releases 12.2(33)SRA, 12.4(11)T, 12.2(33)SXH, and 12.2(33)SB.

The following sections provide information about this feature:

Information About Locking the Configuration

How to Configure Configuration Lock

The following commands were introduced or modified:
clearconfigurationlock,
configurationmodeexclusive, and
configureterminallock.

Parser Concurrency and Locking Improvements

12.2(33)SRE

15.1(1)T

The Parser Concurrency and Locking Improvements feature provides a common interface that ensures that exclusive access is granted to the requested process and prevents others from concurrently accessing the Cisco IOS configuration. It allows access only to the user holding the lock and prevents other clients from accessing the configuration.

The following sections provide information about this feature:

Parser Concurrency and Locking Improvements

Enabling Parser Concurrency and Locking Improvements

The following commands were introduced or modified:
parsercommandserializer and
testparsersession-lock.